Lazzate issue and enhancements (#34)

* Replace E with EMAILADDRESS and enhance test tools * done
bryancalisto · Oct 25, 2024 · e3a0c24 · e3a0c24
1 parent cb040c9
commit e3a0c24
Show file tree

Hide file tree

Showing 13 changed files with 437 additions and 117 deletions.
diff --git a/.gitignore b/.gitignore
@@ -105,4 +105,8 @@ dist
 
 # Others
 build
-.vscode
+.vscode
+
+# debug files
+debug-signed.xml
+debug-not-signed.xml
diff --git a/README.md b/README.md
@@ -98,3 +98,11 @@ Por tal razón, funciona en Windows, Unix/Linux o cualquier plataforma que sopor
  ...
  </factura>
  ```
+
+## Nota importante sobre los archivos .p12
+El paquete se ha probado satisfactoriamente usando .p12 de estos proveedores:
+- Uanataca.
+- Security Data.
+- Lazzate.
+
+Si pruebas el paquete con .p12 de otros proveedores y encuentras problemas, por favor crea un [issue](https://github.com/bryancalisto/ec-sri-invoice-signer/issues)
diff --git a/ec-sri-invoice-signer/README.md b/ec-sri-invoice-signer/README.md
@@ -106,3 +106,11 @@ Por tal razón, funciona en Windows, Unix/Linux o cualquier plataforma que sopor
  ...
  </factura>
  ```
+
+## Nota importante sobre los archivos .p12
+El paquete se ha probado satisfactoriamente usando .p12 de estos proveedores:
+- Uanataca.
+- Security Data.
+- Lazzate.
+
+Si pruebas el paquete con .p12 de otros proveedores y encuentras problemas, por favor crea un [issue](https://github.com/bryancalisto/ec-sri-invoice-signer/issues)
diff --git a/ec-sri-invoice-signer/package.json b/ec-sri-invoice-signer/package.json
@@ -11,7 +11,8 @@
     "build": "tsc",
     "build:watch": "tsc -w",
     "test": "mocha",
-    "test:coverage": "nyc mocha"
+    "test:coverage": "nyc mocha",
+    "test:sri": "npx ts-node test/sri-test/sri-test.ts"
   },
   "repository": {
     "type": "git",
@@ -51,4 +52,4 @@
     "fast-xml-parser": "^4.2.5",
     "node-forge": "^1.3.1"
   }
-}
+}
diff --git a/ec-sri-invoice-signer/src/utils/cryptography.ts b/ec-sri-invoice-signer/src/utils/cryptography.ts
@@ -36,10 +36,23 @@ const extractPrivateKeyAndCertificateFromPkcs12 = (pkcs12RawData: string | Buffe
   }
 }
 
+const normalizeIssuerAttributeShortName = (shortName: string) => {
+  switch (shortName) {
+    case 'E':
+      // As required by the SRI validator code in this line (https://github.com/gdiazs/MITyCLib/blob/master/MITyCLibXADES/src/main/java/es/mityc/firmaJava/libreria/xades/ValidarFirmaXML.java#L2139).
+      // X500Principal needs EMAILADDRESS instead of E (https://docs.oracle.com/javase/7/docs/api/javax/security/auth/x500/X500Principal.html#X500Principal(java.lang.String)) and has been seen that some certificate issuers set the email address with 'E' shortName.
+      // The oid for email (1.2.840.113549.1.9.1) could also be used, but that's a bit cryptic and we know the SRI accepts EMAILADDRESS without issue so no need to be that generic.
+      return 'EMAILADDRESS';
+    default:
+      return shortName;
+  };
+};
+
 const extractIssuerData = (certificate: forge.pki.Certificate) => {
   const issuerName = certificate.issuer.attributes.reverse().filter((attr) => attr.shortName || attr.type).map((attr) => {
     if (attr.shortName) {
-      return `${attr.shortName}=${attr.value}`;
+      const normalizedShortName = normalizeIssuerAttributeShortName(attr.shortName);
+      return `${normalizedShortName}=${attr.value}`;
     }
     else {
       return `${attr.type}=${attr.value}`;
@@ -80,5 +93,6 @@ export {
   getHash,
   extractPrivateKeyAndCertificateFromPkcs12,
   extractPrivateKeyData,
+  extractIssuerData,
   extractX509Data
 }
diff --git a/ec-sri-invoice-signer/test/e2e.test.ts b/ec-sri-invoice-signer/test/e2e.test.ts
diff --git a/ec-sri-invoice-signer/test/signature/signature.test.ts b/ec-sri-invoice-signer/test/signature/signature.test.ts
@@ -21,4 +21,16 @@ describe('Given the signInvoice function', () => {
     const result = signInvoiceXml(invoiceXml, pkcs12Data, { pkcs12Password: '' });
     expect(result).to.equal(signedInvoice);
   });
+
+  it('should generate the signature for the invoice and put it at the end of the invoice with a certificate that has a issuer name with E field (email)', () => {
+    const invoiceXml = fs.readFileSync(path.resolve('test/test-data/invoice.xml')).toString();
+    const pkcs12Data = fs.readFileSync(path.resolve('test/test-data/edge-cases/certificate-with-email-address/pkcs12/signature.p12')).toString('base64');
+    const signedInvoice = fs.readFileSync(path.resolve('test/test-data/edge-cases/certificate-with-email-address/signed-invoice.xml')).toString();
+    // Keep variable data constant
+    sinon.stub(Utils, 'getDate').returns('2024-04-18T14:34:32.878-05:00');
+    sinon.stub(Utils, 'getRandomUuid').returns('5bdfc32d-a37f-47c3-90fe-49f5a093b7bf');
+
+    const result = signInvoiceXml(invoiceXml, pkcs12Data, { pkcs12Password: '' });
+    expect(result).to.equal(signedInvoice);
+  });
 });